Malicious Software and its Underground Economy


Security is hard: 1) The attacker has more freedom: the defender must protect every entry point of the system, while the attacker only needs to find one exploitable vulnerability; 2) The attacker can trick users into executing the malware themselves (social engineering), even when the system has no vulnerability at all.

Rootkit: hijacks the execution flow (leads control into a malicious handler instead of the intended one). There are three places where the hijacking can happen: 1) the Interrupt Descriptor Table (IDT), by replacing an interrupt or exception vector entry; 2) the System Service Descriptor Table (SSDT), by replacing a system call entry with a pointer to the malicious handler; 3) within the benign handler itself (run-time patching), by overwriting its first instructions with a jump to the malicious code, so that both tables still look intact.
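To make the table-based hijack concrete, here is an added user-space simulation (example code, not from the original notes or any real rootkit): a dispatch table standing in for the SSDT (the same idea applies to the IDT, indexed by vector instead of service number), a hook that swaps one entry for a malicious handler which calls through to the original while filtering a result, and the integrity check a detector runs by comparing the live table against a trusted snapshot. All names (dispatch_table, hook_entry, audit_table, the sys_*_handler functions) are hypothetical.

```c
/* Added example: SSDT-style execution-flow hijack and its detection,
 * simulated entirely in user space. Names are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef long (*handler_t)(long arg);

/* "Benign" handlers, standing in for kernel service routines. */
static long sys_open_handler(long arg)  { return arg + 1; }
static long sys_read_handler(long arg)  { return arg * 2; }
static long sys_write_handler(long arg) { return arg - 1; }

#define NUM_SERVICES 3
/* The dispatch table: indexed by service number, like an SSDT. */
static handler_t dispatch_table[NUM_SERVICES] = {
    sys_open_handler, sys_read_handler, sys_write_handler,
};

/* Trusted copy, taken at "boot" before any untrusted code has run. */
static handler_t known_good[NUM_SERVICES];

void snapshot_table(void) {
    memcpy(known_good, dispatch_table, sizeof known_good);
}

/* What the trap handler does with a service number: look up and call. */
long dispatch(int service, long arg) {
    if (service < 0 || service >= NUM_SERVICES) return -1;
    return dispatch_table[service](arg);
}

/* --- rootkit side --- */
static handler_t saved_original;  /* the real handler, kept so the hook can call through */

/* Malicious handler: runs first, then calls the original so callers see
 * (almost) normal behaviour; here it hides any result equal to 42. */
static long malicious_read_handler(long arg) {
    long real = saved_original(arg);
    return real == 42 ? 0 : real;
}

/* Install the hook by overwriting the table slot (SSDT-style hijack). */
void hook_entry(int service, handler_t hook) {
    saved_original = dispatch_table[service];
    dispatch_table[service] = hook;
}

/* --- detection side --- */
/* Compare the live table against the snapshot. Returns the number of
 * modified slots; *first_bad receives the lowest modified index, or -1. */
int audit_table(int *first_bad) {
    int bad = 0;
    if (first_bad) *first_bad = -1;
    for (int i = 0; i < NUM_SERVICES; i++) {
        if (dispatch_table[i] != known_good[i]) {
            if (first_bad && *first_bad < 0) *first_bad = i;
            bad++;
        }
    }
    return bad;
}

/* Put the trusted entries back; returns how many slots were repaired. */
int restore_table(void) {
    int fixed = audit_table(NULL);
    memcpy(dispatch_table, known_good, sizeof dispatch_table);
    return fixed;
}

int main(void) {
    snapshot_table();
    printf("read(21) before hook:   %ld\n", dispatch(1, 21));
    hook_entry(1, malicious_read_handler);
    printf("read(21) after hook:    %ld\n", dispatch(1, 21));
    int slot;
    int bad = audit_table(&slot);
    printf("modified slots: %d (first bad slot: %d)\n", bad, slot);
    restore_table();
    printf("read(21) after restore: %ld\n", dispatch(1, 21));
    return 0;
}
```

Note the limit of this check: comparing table entries against a snapshot catches the first two hijack points (IDT and SSDT entries), but not the third, run-time patching inside the benign handler, because the table still points at the original function. Catching that requires checking the code bytes of the handlers themselves (for example hashing the text section against a known-good image), not just the pointers to them.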


x86 Assembly Guide